fix csp warnings and delete console

aae435fe · tom · 4feeb9db · aae435fe · aae435fe
Commit aae435fe authored Feb 21, 2023 by tom
Hide whitespace changes
Inline Side-by-side

Showing with 12 additions and 21 deletions

getCspPolicy.ts lib/csp/getCspPolicy.ts +12 -13

useGetCsrfToken.tsx lib/hooks/useGetCsrfToken.tsx +0 -8

No files found.
--- a/lib/csp/getCspPolicy.ts
+++ b/lib/csp/getCspPolicy.ts
@@ -16,22 +16,21 @@ const MAIN_DOMAINS = [ `*.${ appConfig.host }`, appConfig.host ];
 // eslint-disable-next-line no-restricted-properties
 const REPORT_URI = process.env.SENTRY_CSP_REPORT_URI;
-function getNetworksExternalAssets() {
+function getNetworksExternalAssetsHosts() {
  const icons = featuredNetworks
    .filter(({ icon }) => typeof icon === 'string')
-    .map(({ icon }) => new URL(icon as string));
+    .map(({ icon }) => new URL(icon as string).host);
-  const logo = appConfig.network.logo ? new URL(appConfig.network.logo) : undefined;
+  const logo = appConfig.network.logo ? new URL(appConfig.network.logo).host : undefined;
  return logo ? icons.concat(logo) : icons;
 }
-function getMarketplaceAppsOrigins() {
+function getMarketplaceAppsHosts() {
-  return appConfig.marketplaceAppList.map(({ url }) => url);
+  return {
-}
+    frames: appConfig.marketplaceAppList.map(({ url }) => new URL(url).host),
+    logos: appConfig.marketplaceAppList.map(({ logo }) => new URL(logo).host),
-function getMarketplaceAppsLogosOrigins() {
+  };
-  return appConfig.marketplaceAppList.map(({ logo }) => new URL(logo));
 }
 // we cannot use lodash/uniq in middleware code since it calls new Set() and it'is causing an error in Nextjs
@@ -46,7 +45,7 @@ function unique(array: Array<string | undefined>) {
 }
 function makePolicyMap() {
-  const networkExternalAssets = getNetworksExternalAssets();
+  const marketplaceAppsHosts = getMarketplaceAppsHosts();
  return {
    'default-src': [
@@ -130,10 +129,10 @@ function makePolicyMap() {
      'avatars.githubusercontent.com', // github avatars
      // network assets
-      ...networkExternalAssets.map((url) => url.host),
+      ...getNetworksExternalAssetsHosts(),
      // marketplace apps logos
-      ...getMarketplaceAppsLogosOrigins().map((url) => url.host),
+      ...marketplaceAppsHosts.logos,
      // ad
      'servedbyadbutler.com',
@@ -167,7 +166,7 @@ function makePolicyMap() {
    ],
    'frame-src': [
-      ...getMarketplaceAppsOrigins(),
+      ...marketplaceAppsHosts.frames,
      // ad
      'request-global.czilladx.com',

--- a/lib/hooks/useGetCsrfToken.tsx
+++ b/lib/hooks/useGetCsrfToken.tsx
@@ -14,14 +14,6 @@ export default function useGetCsrfToken() {
      const url = buildUrl('csrf');
      const apiResponse = await fetch(url, { credentials: 'include' });
      const csrfFromHeader = apiResponse.headers.get('x-bs-account-csrf');
-      // eslint-disable-next-line no-console
-      console.log('>>> RESPONSE HEADERS <<<');
-      // eslint-disable-next-line no-console
-      console.table([ {
-        'content-length': apiResponse.headers.get('content-length'),
-        'x-bs-account-csrf': csrfFromHeader,
-      } ]);
      return csrfFromHeader ? { token: csrfFromHeader } : undefined;
    }